Fix set_ciphersuites ignore unknown ciphers.

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12100)
author: Otto Hollmann <otto@hollmann.cz> 2020-06-09 15:50:12 +0200
committer: Tomas Mraz <tmraz@fedoraproject.org> 2021-01-07 17:38:56 +0100
commit: c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9 (patch)
tree: 1785488db8b67f7baa03d42e0f0cf3a99858dcb9 /ssl
parent: Prepare for 3.0 alpha 11 (diff)
download: openssl-c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9.tar.xz
openssl-c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64ecc543ba..abbe6b71e0 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1300,6 +1300,8 @@ static int ciphersuite_cb(const char *elem, int len, void *arg)
     if (cipher == NULL) {
         ERR_raise(ERR_LIB_SSL, SSL_R_NO_CIPHER_MATCH);
         return 0;
+        /* Ciphersuite not found but return 1 to parse rest of the list */
+        return 1;
     }
 
     if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
@@ -1319,7 +1321,8 @@ static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const cha
 
     /* Parse the list. We explicitly allow an empty list */
     if (*str != '\0'
-            && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+            && (CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers) <= 0
+                || sk_SSL_CIPHER_num(newciphers) == 0 )) {
         sk_SSL_CIPHER_free(newciphers);
         return 0;
     }
author	Otto Hollmann <otto@hollmann.cz>	2020-06-09 15:50:12 +0200
committer	Tomas Mraz <tmraz@fedoraproject.org>	2021-01-07 17:38:56 +0100
commit	c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9 (patch)
tree	1785488db8b67f7baa03d42e0f0cf3a99858dcb9 /ssl
parent	Prepare for 3.0 alpha 11 (diff)
download	openssl-c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9.tar.xz openssl-c1e8a0c66e32b4144fdeb49bd5ff7acb76df72b9.zip